Added debug logging categories that allow a user to output debug
information based on a specified category. This lets the user limit,
and filter debug output to data relevant to a particular context,
or topic. For instance the following categories are now available for
debug logging purposes:

  dtls, dtls_packet, ice, rtcp, rtcp_packet, rtp, rtp_packet,
  stun, stun_packet

These debug categories can be enable/disable via an Asterisk CLI command.

While this overrides, and outputs debug data, core system debugging is
not affected by this patch. Statements still output at their appropriate
debug level. As well backwards compatibility has been maintained with
past debug groups that could be enabled using the CLI (e.g. rtpdebug,
stundebug, etc.).

ASTERISK-29054 #close

Change-Id: I6e6cb247bb1f01dbf34750b2cd98e5b5b41a1849

In the event that the desired extension already exists,
ast_add_extension2_lockopt() will free the 'data' it is passed before
returning an error, so we should not be freeing it ourselves.

Additionally, there were two places where ast_add_extension2_lockopt()
could return an error without also freeing the 'data' pointer, so we
add that.

ASTERISK-29097 #close

Change-Id: I904707aae55169feda050a5ed7c6793b53fe6eae

app_confbridge now has the ability to set the estimated bitrate on an
SFU bridge.  To use it, set a bridge profile's remb_behavior to "force"
and set remb_estimated_bitrate to a rate in bits per second.  The
remb_estimated_bitrate parameter is ignored if remb_behavior is something
other than "force".

Change-Id: Idce6464ff014a37ea3b82944452e56cc4d75ab0a

Check result of ast_translator_build_path against NULL before dereferencing.

ASTERISK-29091

Change-Id: Ia3538ea190bd371f70c9dd49984b021765691b29

ASTERISK-28311 #close

Change-Id: Ib1ce8fc1a8752751f5bf3615c59245532dfd9aa2

ASTERISK-28416 #close

Change-Id: I069420875ebdbcaada52d92599a5f7de3cb2cdf4

Added to:
 * bridges/bridge_softmix.c
 * channels/chan_pjsip.c
 * include/asterisk/res_pjsip_session.h
 * main/channel.c
 * res/res_pjsip_session.c

There NO functional changes in this commit.

Change-Id: I06af034d1ff3ea1feb56596fd7bd6d7939dfdcc3

When both Asterisk and a UA send re-invites at the same time, both
send 491 "Transaction in progress" responses to each other and back
off a specified amount of time before retrying. When Asterisk
prepares to send its re-invite, it sets up the session's pending
media state with the new topology it wants, then sends the
re-invite.  Unfortunately, when it received the re-invite from the
UA, it partially processed the media in the re-invite and reset
the pending media state before sending the 491 losing the state it
set in its own re-invite.

Asterisk also was not tracking re-invites received while an existing
re-invite was queued resulting in sending stale SDP with missing
or duplicated streams, or no re-invite at all because we erroneously
determined that a re-invite wasn't needed.

There was also an issue in bridge_softmix where we were using a stream
from the wrong topology to determine if a stream was added.  This also
caused us to erroneously determine that a re-invite wasn't needed.

Regardless of how the delayed re-invite was triggered, we need to
reconcile the topology that was active at the time the delayed
request was queued, the pending topology of the queued request,
and the topology currently active on the session.  To do this we
need a topology resolver AND we need to make stream named unique
so we can accurately tell what a stream has been added or removed
and if we can re-use a slot in the topology.

Summary of changes:

 * bridge_softmix:
   * We no longer reset the stream name to "removed" in
     remove_all_original_streams().  That was causing  multiple streams
     to have the same name and wrecked the checks for duplicate streams.

   * softmix_bridge_stream_sources_update() was checking the old_stream
     to see if it had the softmix prefix and not considering the stream
     as "new" if it did.  If the stream in that slot has something in it
     because another re-invite happened, then that slot in old might
     have a softmix stream but the same stream in new might actually
     be a new one.  Now we check the new_stream's name instead of
     the old_stream's.

 * stream:
   * Instead of using plain media type name ("audio", "video", etc) as
     the default stream name, we now append the stream position to it
     to make it unique.  We need to do this so we can distinguish multiple
     streams of the same type from each other.

   * When we set a stream's state to REMOVED, we no longer reset its
     name to "removed" or destroy its metadata.  Again, we need to
     do this so we can distinguish multiple streams of the same
     type from each other.

 * res_pjsip_session:
   * Added resolve_refresh_media_states() that takes in 3 media states
     and creates an up-to-date pending media state that includes the changes
     that might have happened while a delayed session refresh was in the
     delayed queue.

   * Added is_media_state_valid() that checks the consistency of
     a media state and returns a true/false value. A valid state has:
     * The same number of stream entries as media session entries.
         Some media session entries can be NULL however.
     * No duplicate streams.
     * A valid stream for each non-NULL media session.
     * A stream that matches each media session's stream_num
       and media type.

   * Updated handle_incoming_sdp() to set the stream name to include the
     stream position number in the name to make it unique.

   * Updated the ast_sip_session_delayed_request structure to include both
     the pending and active media states and updated the associated delay
     functions to process them.

   * Updated sip_session_refresh() to accept both the pending and active
     media states that were in effect when the request was originally queued
     and to pass them on should the request need to be delayed again.

   * Updated sip_session_refresh() to call resolve_refresh_media_states()
     and substitute its results for the pending state passed in.

   * Updated sip_session_refresh() with additional debugging.

   * Updated session_reinvite_on_rx_request() to simply return PJ_FALSE
     to pjproject if a transaction is in progress.  This stops us from
     creating a partial pending media state that would be invalid later on.

   * Updated reschedule_reinvite() to clone both the current pending and
     active media states and pass them to delay_request() so the resolver
     can tell what the original intention of the re-invite was.

   * Added a large unit test for the resolver.

ASTERISK-29014

Change-Id: Id3440972943c611a15f652c6c569fa0e4536bfcb

Currently, it was not possible to create bridge with video_mode single.
This made hard to put the bridge in a vidoe_single mode.
So, added video_single option for Bridge creation using the ARI.
This allows create a bridge with video_mode single.

ASTERISK-29055

Change-Id: I43e720e5c83fc75fafe10fe22808ae7f055da2ae

There's a race condition with bridging where a bridge can be torn down
causing the bridge_channel's ast_channel to become NULL when it's still
needed. This particular case happened with attended transfers, but the
crash occurred when trying to publish a stasis message. Now, the
bridge_channel is locked, a ref to the ast_channel is obtained, and that
ref is passed down the chain.

Change-Id: Ic48715c0c041615d17d286790ae3e8c61bb28814

Change-Id: Id603b0b03b78eb84c7fca030a08b343c0d5973f9

When the ExtensionState AMI action is executed on a pattern matched
hint it can end up adding a new hint if one does not already exist.
This results in a locking order of contexts -> hints -> contexts.

If at the same time a reload is occurring and adding its own hint
it will have a locking order of hints -> contexts.

This results in a deadlock as one thread wants a lock on contexts
that the other has, and the other thread wants a lock on hints
that the other has.

This change enforces a hints -> contexts locking order by explicitly
locking hints in the places where a hint is added when queried for.
This matches the order seen through normal adding of hints.

ASTERISK-29046

Change-Id: I49f027f4aab5d2d50855ae937bcf5e2fd8bfc504

Added a new log formatter called "plain" that always prints
file, function and line number if available (even for verbose
messages) and never prints color control characters.  It also
doesn't apply any special formatting for verbose messages.
Most suitable for file output but can be used for other channels
as well.

You use it in logger.conf like so:
debug => [plain]debug
console => [plain]error,warning,debug,notice,pjsip_history
messages => [plain]warning,error,verbose

Change-Id: I4fdfe4089f66ce2f9cb29f3005522090dbb5243d

T.140 data in RTP is not zero terminated, so when we are queuing a text
frame on a bridge we need to ensure that we are passing a zero
terminated string.

ASTERISK-28974 #close

Change-Id: Ic10057387ce30b2094613ea67e3ae8c5c431dda3

The SCOPE_ENTER and SCOPE_EXIT* macros now print debug messages
at the same level as the scope level.  This allows the same
messages to be printed to the debug log when AST_DEVMODE
isn't enabled.

Also added a few variants of the SCOPE_EXIT macros that will
also call ast_log instead of ast_debug to make it easier to
use scope tracing and still print error messages.

Change-Id: I7fe55f7ec28069919a0fc0b11a82235ce904cc21

 * Added ast_stream_to_stra and ast_stream_topology_to_stra() macros
   which are shortcuts for
      ast_str_tmp(256, ast_stream_to_str(stream, &STR_TMP))

 * Added the stream position to the string representation of the
   stream.

 * Fixed some formatting in ast_stream_to_str().

Change-Id: Idaf4cb0affa46d4dce58a73a111f35435331cc4b

Allow passing a topology from the called channel back to the
calling channel.

 * Added a new function ast_queue_answer() that accepts a stream
   topology and queues an ANSWER CONTROL frame with it as the
   data.  This allows the called channel to indicate its resolved
   topology.

 * Added a new virtual function to the channel tech structure
   answer_with_stream_topology() that allows the calling channel
   to receive the called channel's topology.  Added
   ast_raw_answer_with_stream_topology() that invokes that virtual
   function.

 * Modified app_dial.c and features.c to grab the topology from the
   ANSWER frame queued by the answering channel and send it to
   the calling channel with ast_raw_answer_with_stream_topology().

 * Modified frame.c to automatically cleanup the reference
   to the topology on ANSWER frames.

Added a few debugging messages to stream.c.

Change-Id: I0115d2ed68d6bae0f87e85abcf16c771bdaf992c

With the addition of STIR/SHAKEN, the function ast_base64decode_string
was added for convenience since there is a lot of converting done during
the STIR/SHAKEN process. This function returned the decoded string for
you, but did not NULL terminate it, causing some issues (specifically
with MALLOC_DEBUG). Now, the returned string is NULL terminated, and the
documentation has been updated to reflect this.

Change-Id: Icdd7d05b323b0c47ff6ed43492937a03641bdcf5

There are various places in Asterisk - specifically in regards to
database integration - where having some kind of UTF-8 validation would
be beneficial. This patch adds:

* Functions to validate that a given string contains only valid UTF-8
  sequences.

* A function to copy a string (similar to ast_copy_string) stopping when
  an invalid UTF-8 sequence is encountered.

* A UTF-8 validator that allows for progressive validation.

All of this is based on the excellent UTF-8 decoder by Björn Höhrmann.
More information is available here:

    https://bjoern.hoehrmann.de/utf-8/decoder/dfa/

The API was written in such a way that should allow us to replace the
implementation later should we determine that we need something more
comprehensive.

Change-Id: I3555d787a79e7c780a7800cd26e0b5056368abf9

Currently, if the bridge has created by the ARI, the video_mode
parameter was
not shown in the BridgeCreated event correctly.

Fixed it and added video_mode shown in the 'bridge show <bridge id>'
cli.

ASTERISK-28987

Change-Id: I8c205126724e34c2bdab9380f523eb62478e4295

If an ACL is misconfigured in the realtime database (for instance, the
"rule" is blank) and Asterisk attempts to read the ACL, Asterisk will
crash.

ASTERISK-28978 #close

Change-Id: Ic1536c4df856231bfd2da00128f7822224d77610

Prior to making any modifications to the pjsip infrastructure
for ACN, I've added the tracing functions to the existing code.
This should make the final commit easier to review, but we can also
now run a "before and after" trace.

No functional changes were made with this commit.

Change-Id: Ia83a1a2687ccb96f2bc8a2a3928a5214c4be775c

 * ast_frame_subclass2str() and ast_frame_type2str() now return
   a pointer to the buffer that was passed in instead of void.
   This makes it easier to use these functions inline in
   printf-style debugging statements.

 * Added many missing control frame entries in
   ast_frame_subclass2str.

Change-Id: Ifd0d6578e758cd644c96d17a5383ff2128c572fc

Tracing through synchronous tasks was a little troublesome because
the new thread's stack counter reset to 0.  This change allows
a synchronous task to set its trace level to be the same as the
thread that pushed the task.  For now, the task's level has to be
passed in the task's data structure but a future enhancement to the
taskprocessor subsystem could automatically set the trace level
of the servant to be that of the caller.

This doesn't really make sense for async tasks because you never
know when they're going to run anyway.

Change-Id: Ib8049c0b815063a45d8c7b0cb4e30b7b87b1d825

This patch allows a user of AMI to now specify the type of message
content contained within by setting the 'Content-Type' parameter.

Note, the AMI version has been bumped for this change.

ASTERISK-28945 #close

Change-Id: Ibb5315702532c6b954e1498beddc8855fabdf4bb

The Streams API becomes the home for the core ACN capabilities.
These include...

 * Parsing and formatting of codec negotation preferences.
 * Resolving pending streams and topologies with those configured
   using configured preferences.
 * Utility functions for creating string representations of
   streams, topologies, and negotiation preferences.

For codec negotiation preferences:
 * Added ast_stream_codec_prefs_parse() which takes a string
   representation of codec negotiation preferences, which
   may come from a pjsip endpoint for example, and populates
   a ast_stream_codec_negotiation_prefs structure.
 * Added ast_stream_codec_prefs_to_str() which does the reverse.
 * Added many functions to parse individual parameter name
   and value strings to their respectrive enum values, and the
   reverse.

For streams:
 * Added ast_stream_create_resolved() which takes a "live" stream
   and resolves it with a configured stream and the negotiation
   preferences to create a new stream.
 * Added ast_stream_to_str() which create a string representation
   of a stream suitable for debug or display purposes.

For topology:
 * Added ast_stream_topology_create_resolved() which takes a "live"
   topology and resolves it, stream by stream, with a configured
   topology stream and the negotiation preferences to create a new
   topology.
 * Added ast_stream_topology_to_str() which create a string
   representation of a topology suitable for debug or display
   purposes.
 * Renamed ast_format_caps_from_topology() to
   ast_stream_topology_get_formats() to be more consistent with
   the existing ast_stream_get_formats().

Additional changes:
 * A new function ast_format_cap_append_names() appends the results
   to the ast_str buffer instead of replacing buffer contents.

Change-Id: I2df77dedd0c72c52deb6e329effe057a8e06cd56

Integrated STIR/SHAKEN support with outgoing INVITEs. When an INVITE is
sent, the caller ID will be checked to see if there is a certificate
that corresponds to it. If so, that information will be retrieved and an
Identity header will be added to the SIP message. The format is:

header.payload.signature;info=<public_key_url>alg=ES256;ppt=shaken

Header, payload, and signature are all BASE64 encoded. The public key
URL is retrieved from the certificate. Currently the algorithm and ppt
are ES256 and shaken, respectively. This message is signed and can be
used for verification on the receiving end.

Two new configuration options have been added to the certificate object:
attestation and origid. The attestation is required and must be A, B, or
C. origid is the origination identifier.

A new utility function has been added as well that takes a string,
allocates space, BASE64 encodes it, then returns it, eliminating the
need to calculate the size yourself.

Change-Id: I1f84d6a5839cb2ed152ef4255b380cfc2de662b4

When requesting a Local channel the requested stream topology
or a converted stream topology will now be placed onto the
resulting channels.

Frames written in on streams will now also preserve the stream
identifier as they are queued on the opposite channel.

Finally when a stream topology change is requested it is
immediately accepted and reflected on both channels. Each
channel also receives a queued frame to indicate that the
topology has changed.

ASTERISK-28938

Change-Id: I4e9d94da5230d4bd046dc755651493fce1d87186

This patch fixes a few compile warnings/errors that now occur when using gcc
10+.

Also, the Makefile.rules check to turn off partial inlining in gcc versions
greater or equal to 8.2.1 had a bug where it only it only checked against
versions with at least 3 numbers (ex: 8.2.1 vs 10). This patch now ensures
any version above the specified version is correctly compared.

Change-Id: I54718496eb0c3ce5bd6d427cd279a29e8d2825f9

Added default variable value to fix a compiler error.

Change-Id: I7b592adbb1274dc5464dea1c5e5de0685c928553

Integrated STIR/SHAKEN support with incoming INVITES. Upon receiving an
INVITE, the Identity header is retrieved, parsing the message to verify
the signature. If any of the parsing fails,
AST_STIR_SHAKEN_VERIFY_NOT_PRESENT will be added to the channel for this
caller ID. If verification itself fails,
AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED will be added. If anything in
the payload does not line up with the SIP signaling,
AST_STIR_SHAKEN_VERIFY_MISMATCH will be added. If all of the above steps
pass, then AST_STIR_SHAKEN_VERIFY_PASSED will be added, completing the
verification process.

A new config option has been added to the general section for
stir_shaken.conf. "signature_timeout" is the amount of time a signature
will be considered valid. If an INVITE is received and the amount of
time between when it was received and when it was signed is greater than
signature_timeout, verification will fail.

Some changes were also made to signing and verification. There was an
error where the whole JSON string was being signed rather than the
header combined with the payload. This has been changed to sign the
correct thing. Verification has been changed to do this as well, and the
unit tests have been updated to reflect these changes.

A couple of utility functions have also been added. One decodes a BASE64
string and returns the decoded string, doing all the length calculations
for you. The other retrieves a string value from a header in a rdata
object.

Change-Id: I855f857be3d1c63b64812ac35d9ce0534085b913

If a frame is written to a channel in a bridge we
would normally queue this frame up and the channel
thread would then act upon it. If this frame had no
stream mapping on the channel it would then be
discarded.

This change adds a check before the queueing occurs
to determine if a mapping exists. If it does not
exist then the frame is not even queued at all. This
stops a frame duplication from happening and from
the channel thread having to wake up and deal with
it.

Change-Id: I17189b9b1dec45fc7e4490e8081d444a25a00bda

If the bridge show all command could not get the bridge snapshot, it causes null pointer exception.
Fixed it to check the snapshot is null.

ASTERISK-28920

Change-Id: I3521fc1b832bfc69644d0833f2c78177e1e51f58

What's wrong with ast_debug?

  ast_debug is fine for general purpose debug output but it's not
  really geared for scope tracing since it doesn't present its
  output in a way that makes capturing and analyzing flow through
  Asterisk easy.

How is scope tracing better?

  Scope tracing uses the same "cleanup" attribute that RAII_VAR
  uses to print messages to a separate "trace" log level.  Even
  better, the messages are indented and unindented based on a
  thread-local call depth counter.  When output to a separate log
  file, the output is uncluttered and easy to follow.

  Here's an example of the output. The leading timestamps and
  thread ids are removed and the output cut off at 68 columns for
  commit message restrictions but you get the idea.

--> res_pjsip_session.c:3680 handle_incoming PJSIP/1173-00000001
	--> res_pjsip_session.c:3661 handle_incoming_response PJSIP/1173
		--> res_pjsip_session.c:3669 handle_incoming_response PJSIP/
			--> chan_pjsip.c:3265 chan_pjsip_incoming_response_after
				--> chan_pjsip.c:3194 chan_pjsip_incoming_response P
					    chan_pjsip.c:3245 chan_pjsip_incoming_respon
				<-- chan_pjsip.c:3194 chan_pjsip_incoming_response P
			<-- chan_pjsip.c:3265 chan_pjsip_incoming_response_after
		<-- res_pjsip_session.c:3669 handle_incoming_response PJSIP/
	<-- res_pjsip_session.c:3661 handle_incoming_response PJSIP/1173
<-- res_pjsip_session.c:3680 handle_incoming PJSIP/1173-00000001

  The messages with the "-->" or "<--" were produced by including
  the following at the top of each function:

  SCOPE_TRACE(1, "%s\n", ast_sip_session_get_name(session));

  Scope isn't limited to functions any more than RAII_VAR is.  You
  can also see entry and exit from "if", "for", "while", etc blocks.

  There is also an ast_trace() macro that doesn't track entry or
  exit but simply outputs a message to the trace log using the
  current indent level.  The deepest message in the sample
  (chan_pjsip.c:3245) was used to indicate which "case" in a
  "select" was executed.

How do you use it?

  More documentation is available in logger.h but here's an overview:

  * Configure with --enable-dev-mode.  Like debug, scope tracing
    is #ifdef'd out if devmode isn't enabled.

  * Add a SCOPE_TRACE() call to the top of your function.

  * Set a logger channel in logger.conf to output the "trace" level.

  * Use the CLI (or cli.conf) to set a trace level similar to setting
    debug level... CLI> core set trace 2 res_pjsip.so

Summary Of Changes:

  * Added LOG_TRACE logger level.  Actually it occupies the slot
    formerly occupied by the now defunct "event" level.

  * Added core asterisk option "trace" similar to debug.  Includes
	ability to specify global trace level in asterisk.conf and CLI
	commands to turn on/off and set levels.  Levels can be set
	globally (probably not a good idea), or by module/source file.

  * Updated sample asterisk.conf and logger.conf.  Tracing is
    disabled by default in both.

  * Added __ast_trace() to logger.c which keeps track of the indent
    level using TLS. It's #ifdef'd out if devmode isn't enabled.

  * Added ast_trace() and SCOPE_TRACE() macros to logger.h.
    These are all #ifdef'd out if devmode isn't enabled.

Why not use gcc's -finstrument-functions capability?

  gcc's facility doesn't allow access to local data and doesn't
  operate on non-function scopes.

Known Issues:

  The only know issue is that we currently don't know the line
  number where the scope exited.  It's reported as the same place
  the scope was entered.  There's probably a way to get around it
  but it might involve looking at the stack and doing an 'addr2line'
  to get the line number.  Kind of like ast_backtrace() does.
  Not sure if it's worth it.

Change-Id: Ic5ebb859883f9c10a08c5630802de33500cad027

ASTERISK-28797

Change-Id: Iab364a2c2519fd9d11d1c28293fda43d61b64c28

fork before exec

Posix does only allow async-signal-safe syscalls after fork before exec.
As asterisk ignores this, functions like TrySystem or System sometimes
end up in a deadlocked child process. The patch prevents the use of
non-async-signal-safe syscalls.

ASTERISK-28776

Change-Id: Idc76365c0592ee3f3b3bd72a4f48f7a098978e8e

ast_stream_topology_create_from_format_cap() was setting the
stream->formats directly but not freeing the default formats.  This
causes a memory leak.

* ast_stream_topology_create_from_format_cap() now calls
  ast_stream_set_formats() which properly cleans up the existing
  stream formats.

When cloning a stream, the source stream's format caps _pointer_ is
copied to the new stream and it's reference count bumped.  If
either stream is set to "removed", this will cause _both_ streams
to have their format caps cleared.

* ast_stream_clone() now creates a new format caps object and copies
  the formats from the source stream instead of just copying the
  pointer.

ASTERISK-28870

Change-Id: If697d81c3658eb7baeea6dab413b13423938fb53

Add a new "masquarade" channel event, and use it in app_queue to track unique id's.

Testcase is submitted as https://gerrit.asterisk.org/c/testsuite/+/14210

ASTERISK-28829 #close
ASTERISK-25844 #close

Change-Id: Ifc5f9f9fd70903f3c6e49738d3bc632b085d2df6

These are not provided by standards, and as a result causes failure to
compile on musl.

https://wiki.musl-libc.org/faq.html#Q:-When-compiling-something-against-musl,-I-get-error-messages-about-%3Ccode%3Esys/cdefs.h%3C/code%3E

Change-Id: I6a357cefd106c72cfecafd898638f6b5692c2e05

In a Dialplan, the channel drivers 'chan_sip' and 'chan_iax2' support
the channel items 'secure_bridge_media' and 'secure_bridge_signaling'.
That way, a channel can be forced to use encryption even if not
specified in its configuration.

However, when the Local Proxy kicks in, for example, in case of a
forwarding (SIP status 302), Local Proxy stated it does not know those
items. Consequently, such a call could not be proxied how clever your
Dialplan was. Because local calls within Asterisk are always secure,
Local Proxy accepts such a request now.

ASTERISK-22920

Change-Id: I4c143bb70f686790953cc04c5a4b810bbb03636c